【Vulnerability Alert】Significant Security Vulnerability in Roundcube Mail Server (CVE-2025-49113)

• Subject: 【Vulnerability Alert】Significant Security Vulnerability in Roundcube Mail Server (CVE-2025-49113)

• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000005
  • Roundcube mail server is an open-source webmail client, allowing users to send and receive emails through a browser, and is widely used in various email systems. Recently, the Roundcube development team received a report from a cybersecurity vendor indicating a significant security vulnerability (CVE-2025-49113, CVSS: 9.9) in the system, and a patched update has been released. [cite_start]This vulnerability is a PHP object deserialization flaw, which allows authenticated attackers to remotely execute arbitrary code, posing a threat to the system.
• Affected Platforms:
  • [cite_start]Roundcube versions 1.1.0 to 1.5.9
  • Roundcube versions 1.6.0 to 1.6.10
• Suggested Measures:
  • Please update to version 1.6.11, 1.5.10 (inclusive) or later.
• References:
  1. https://www.twcert.org.tw/tw/cp-169-10172-687a3-1.html

Computer and Communications Center
Network Systems Division